Re: How best get rid of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/24/07, Mikkel L. Ellertson <mikkel@xxxxxxxxxxxxxxxx> wrote:
> Alan M. Evans wrote:
> > On Mon, 2007-09-24 at 15:58 -0500, Mike McCarty wrote:
> >
> >> Because SELinux is not a "thing", it is a way of writing apps.
> >
> > No, no no! How many times does this have to be explained?
> >
> > Applications don't need to know anything about SELinux in order to be
> > under its purview. Only applications that need to interact with SELinux
> > in some way need to know about it. I can easily write a program that
> > tries to open a forbidden resource and SELinux can most easily prevent
> > it despite that my application only #includes stdio.h and knows nothing
> > of the hidden hand that blocks it.
> >
> Well, in one way it is a way of writing apps - you have to write
> apps that are well behaved if they are going to run with SELinux.
> Then again, you should be writing apps that way anyway. You could
> say that SELinux forces you to write better code. ;-)
>
> Mikkel

change "with" to "under", since most people are running SELinux in targeted mode

-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux